Supply chain
⛓ Supply Chain
Lithia Motors, Sonic Automotive, Penske Automotive Group, Inc. and more⦠Third-Party Breach (June 2024)
Primary Source ↗Incident Details
In 2024, Lithia Motors, Sonic Automotive, Penske Automotive Group, Inc. and more⦠experienced a data
security incident via a third-party vendor relationship. The compromised third-party vendor was CDK Global.
Source reporting: https://therecord.media/car-dealerships-reports-sec-cdk-software-ransomware
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- CDK Global
- Supply Chain Attack
- ✅ Confirmed third-party / vendor compromise
Timeline
- 2024-06-01 Breach occurred
- 2024-06-01 Publicly disclosed